Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Prevent PSPNG from provision include/exclude/sor to AD

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Prevent PSPNG from provision include/exclude/sor to AD


Chronological Thread 
  • From: "Bee-Lindgren, Bert" <>
  • To: Pregash J Devasagayam <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Prevent PSPNG from provision include/exclude/sor to AD
  • Date: Fri, 24 Mar 2017 19:40:27 +0000
  • Accept-language: en-US
  • Authentication-results: colorado.edu; dkim=none (message not signed) header.d=none;colorado.edu; dmarc=none action=none header.from=oit.gatech.edu;
  • Ironport-phdr: 9a23:cxZYpxauH5+LvYopvWnMvpn/LSx+4OfEezUN459isYplN5qZpsy+bB7h7PlgxGXEQZ/co6odzbGH7ua/BCdZu8jJmUtBWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBW7oR/Tu8QWjoduN7g9xxrUqXZUZupawn9lK0iOlBjm/Mew+5Bj8yVUu/0/8sNLTLv3caclQ7FGFToqK2866tHluhnFVguP+2ATUn4KnRpSAgjK9w/1U5HsuSbnrOV92S2aPcrrTbAoXDmp8qlmRAP0hCoBKjU063/chNBug61HoRKhvx1/zJDSYIGJL/p1Y6fRccoHSWZdQspdUipMCZ6+YYQSFeoMJeZWoZfgqVsSoxWwBgesC+HuyjBUiXD7xrc13/gkEQzcwAAsA9ADvXLJp9v1LqcSVuW1wbHGwTjecfxZxy7x5o7JchAnvP6MUqhwftTXyUU3CgjIk0ufqZb5Pz+by+8AtHOU4PR6VeKzkWIosB9+rSa2yscoi4nJgJ8ayl/e9SpnxoY4Ptq4SE9nYdK+H5tfrT2aOJVqTcMiWW1npjs1yqAftJO9YSMEy4wnygbBZ/Odb4SE/xfuWPuMLTtlgX9ldr2yiwqu/UWlxO3zSMa53EpPoydAkNTAqGwC2wTN5sWGVvdw/EKs2TiU2A3X9u1JJEI5mrbVJpI/x7M/jYccvEvdEiLzmEj6kLWZe0Eh9+Wo5OnnbKnqq5qfOoNoigzxLqEjl8iiDeglLwcDWXWQ9/6m273550L5Ra1Hjv0onandt5DXPdwVq7K+DQNJz4ov8guxAS+73NgBmnkIN0xKdAiAj4j0J1HBO/f4Deq5g1uxijtr3+rGPrr9AprTMnfDjLbhfbF760JGzwoz0Mxf55ZTCrEGI/L/QFP+tNvdDhMhMgy0xfjoCMll248AQ22DHrKVPabPvVOV++4iJueMaYAJtDrhLvUl6eDhgHAllVIYeKSk34UbZ2ygEvRjOUqZYH7sgtkbEWcNuwozVPflh0OYUT5PfXq9RLwz6S8iBIKiDIfDQJ2igLOb3CilGJ1bfWdGClGQEXvyeIWLQesMZzyOLc9hiDALS6WuS5I52RG0qAD606ZnLvbT+iAAupLjzt915/DLlR4s7zx4Ftmd03qTQGFuhWMFXDs23KFkoUxh0VePz7J0g/1eFdxP+fxJSAE6OoDAz+BkEdz9RB/OfsraAGqhF+28DD44VdJ54Zciblh0ANythwHK2mL+D7ILnqeCC5Uc+aXY2GL4K8E7xnrbgvoPlV4jF4FlOGDjoq95+wfJCoiN22+UjbrgPfAW0TTRsm2OwC+KvUdUXxR9V43CXGxZaULKoN/5oE7OUun9WvwcLgJdxJvaeeNxYdrzgAADHa+7NQ==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hello,

Here is a quick answer; I can write a more complete one later if necessary. 

The answer is to define override the group selection _expression_ with a copy/paste of the default _expression_ with clauses added that compare names (or a custom attribute) to the patterns you don't want. 

Again, I'll provide an exact _expression_ when I'm at a computer. 

--Bert

On Mar 24, 2017, at 11:58 AM, Pregash J Devasagayam <> wrote:

Hi all,

 

We had thought we had seen a configuration setting that prevented groups with certain suffixes from being provisioned to a resource in the past, but can’t seem to find it now.  We are using the include/exclude group type on a number of groups, and we are in the middle of transitioning from our own in-house group provisioning logic to using pspng for our Active Directory.  In our testing we see that the _includes, _excludes, _systemOfRecord, and the _systemOfRecordAndIncludes groups all get provisioned to the active directory along with the final composite group.  We just want the final composite group to be provisioned and anything with those suffixes to be ignored. 

 

Any ideas?

 

Thanks,

 

Pregash Devasagayam

OIT Identity and Access Management

University of Colorado Boulder




Archive powered by MHonArc 2.6.19.

Top of Page